GPG Key Usage
Recently I had to learn about GPG keys. To save time searching for answers in the future, here is a quick tutorial on usage.
Creating Key
I use RSA with 4096 bits. Please note the passphrase that is requested at the end.
dan@ubuntu-test:~$ gpg --full-generate-key
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: name here
Email address: [email protected]
Comment:
You selected this USER-ID:
"name here <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 46B5CCF44B7B12BA marked as ultimately trusted
gpg: revocation certificate stored as '/home/dan/.gnupg/openpgp-revocs.d/3C1DB5A047D7D78F9D7717D146B5CCF44B7B12BA.rev'
public and secret key created and signed.
pub rsa4096 2021-10-26 [SC]
3C1DB5A047D7D78F9D7717D146B5CCF44B7B12BA
uid name here <[email protected]>
sub rsa4096 2021-10-26 [E]
Export Public Key
Anyone sending to you will need your public GPG key.
gpg --output public.key --armor --export username@email
Import Key
To import someone else’s key so that you can encrypt a file for them, do the following.
gpg --import public.key
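Before importing a key file received from someone else, it is worth confirming that its full fingerprint (the 40-hex-digit value shown in the key creation output above) matches the one the owner gave you over a separate channel. The script below is an added example, not part of the original tutorial; the function names are hypothetical, and the sample listing is constructed from the fingerprint above with placeholder subkey values.

```shell
# Added example (hypothetical function names): check a key file's fingerprint before import.

# Read `gpg --with-colons` output on stdin and print the fingerprint of
# every primary key: field 10 of the first fpr record after a pub record.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Normalise a fingerprint as people paste it: strip blanks, upper-case.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# fpr_matches EXPECTED < colon-listing
# Returns 0 on a match, 1 on a mismatch, 2 if EXPECTED is not a full
# 40-hex-digit fingerprint, 3 if the listing has zero or several keys.
fpr_matches() {
    expected=$(norm_fpr "$1")
    found=$(primary_fprs)
    [ "${#expected}" -eq 40 ] || return 2
    case $expected in *[!0-9A-F]*) return 2 ;; esac
    set -- $found              # one word per primary key
    [ "$#" -eq 1 ] || return 3
    [ "$1" = "$expected" ]
}

# import_verified KEYFILE EXPECTED_FPR
# --show-keys lists the file without adding anything to the keyring.
import_verified() {
    gpg --show-keys --with-colons "$1" | fpr_matches "$2" || {
        echo "refusing to import $1: fingerprint check failed" >&2
        return 1
    }
    gpg --import "$1"
}

# Constructed sample listing: fingerprint from the output above, subkey
# values are placeholders.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:46B5CCF44B7B12BA:1635206400:::-:::scESC::::::23::0:
fpr:::::::::3C1DB5A047D7D78F9D7717D146B5CCF44B7B12BA:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1635206400::::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
}
```

Passing a short key ID instead of the full fingerprint is rejected on purpose, and so is a file that contains more than one primary key.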
Encrypt File
gpg --recipient "name here" -e filename
This will generate a file named filename.gpg for “name here”.
Decrypt File
Using your private key, decrypt the file. You will need the passphrase.
If you have a passphrase file:
gpg --pinentry-mode loopback --passphrase-file passphrasefilename -d filename.gpg > filename
If you don’t, but know the passphrase:
gpg -d filename.gpg > filename